Debian Security Advisory

DSA-670-1 emacs20 -- format string

Max Vozeler discovered several format string vulnerabilities in the
movemail utility of Emacs, the well-known editor. Via connecting to a
malicious POP server an attacker can execute arbitrary code under the
privileges of group mail.

For the stable distribution (woody) these problems have been fixed in
version 20.7-13.3.

The unstable distribution (sid) does not contain an Emacs20 package
anymore.